Suppression List

A suppression list is a list of suppressed e-mail addresses used by e-mail senders to comply with the CAN-SPAM Act of 2003 (United States of America). CAN-SPAM requires that senders of commercial emails provide a functioning opt-out mechanism by which email recipients can unsubscribe their email address from future email messages. The unsubscribed email addresses are placed into a "suppression list" which is used to "suppress" future email messages to that email address.


A suppression list contains valid email addresses. Suppression list abuse occurs when a third party takes a suppression list and emails messages to the email addresses in the list. The original sender of the email messages who provided the opt-out mechanism may be liable for suppression list abuse.

Suppression files are to be used when emailing a particular campaign. Email addresses in a suppression list are NOT to be included in the mailing; those people have chosen not to receive emails for that product. In email marketing terms, a suppression list contains the email addresses that have already opted out of receiving email updates about that particular product.

Protection and tracking

A variety of technological means are used to protect suppression lists and track suppression list abuse. These include neutral third party scrubbing of email lists, distribution of MD5 hash suppression lists and distribution of "seeded" email lists.

The best practice in distributing these lists is to avoid sending the email addresses themselves as plaintext, but instead send a list with one "hash" per line, each hash generated from an email address using a one-way cryptographic hash function.

Internal mailing lists can be scrubbed by using the same hash function to generate one "hash" for each email address on internal mailing lists, and if the internally generated hash matches any of the hashes on the suppression list, then the corresponding email address on the internal mailing list *should* be removed.

Because the hash is one-way, a person who has only the hash cannot recover the original email address from it, making it impossible for that email address to be accidentally or deliberately *added* to (rather than removed from) internal mailing lists.[1][2]
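The scrubbing step described above, as an added example that is not part of the original article: it hashes each internal address with MD5 and drops any address whose hash appears in a one-hash-per-line suppression file. Trimming and lower-casing addresses before hashing, the function names and the sample data are assumptions; the list distributor and the scrubbing party must apply the same normalization or the hashes will not match.

```python
import hashlib

HEX_DIGITS = set("0123456789abcdef")

def email_hash(address: str) -> str:
    """MD5 hex digest of the address after trimming and lower-casing (assumed rule)."""
    normalized = address.strip().lower()
    return hashlib.md5(normalized.encode("utf-8")).hexdigest()

def load_suppression_hashes(lines):
    """Parse a one-hash-per-line list; ignore blank or malformed lines."""
    hashes = set()
    for line in lines:
        token = line.strip().lower()
        if len(token) == 32 and set(token) <= HEX_DIGITS:
            hashes.add(token)
    return hashes

def scrub(mailing_list, suppression_hashes):
    """Split an internal list into (kept, removed) by comparing hashes only."""
    kept, removed = [], []
    for address in mailing_list:
        if email_hash(address) in suppression_hashes:
            removed.append(address)   # opted out: must not be mailed
        else:
            kept.append(address)
    return kept, removed

# Constructed sample data: what a sender would distribute (hashes, no plaintext).
SUPPRESSION_FILE = [
    email_hash("alice@example.com"),
    email_hash("bob@example.org").upper(),  # hex case differs between tools
    "",                                      # blank line
    "not-a-hash",                            # malformed line is skipped
]

# Constructed internal list held by the party doing the mailing.
INTERNAL_LIST = [
    "Alice@Example.com ",   # same mailbox, different case and stray space
    "carol@example.net",
    "bob@example.org",
    "dave@example.com",
]

if __name__ == "__main__":
    kept, removed = scrub(INTERNAL_LIST, load_suppression_hashes(SUPPRESSION_FILE))
    print("send to:   ", kept)
    print("suppressed:", removed)
```
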


  1. Birkner, Cari. "ESPC Sets Deadline to Require MD5 Hash Encryption". 2009.
  2. Bellezza, Antonio. "Gravatars: why publishing your email's hash is not a good idea".

  This article uses material from the Wikipedia page available here. It is released under the Creative Commons Attribution-Share-Alike License 3.0.


